Excelcomindo

SAP Security
Jakarta, 03 September 2007
Understand SAP Security Concept.
Use Profile Generator.
Maintain user account.
Maintain user profile.
Goals:
Chapter 1 SAP Security/Authorization Concept.
Chapter 2 Profile Generator.
Chapter 3 SAP user Maintenance.
Chapter 4 System Parameter relation to Security.
Conclusion
Contents
SAP Security Concept
Authorization Concept
Contents:
Understand the concept of authorization profiles
Understand the concept of authorizations
Understand Activity Groups.
Objectives:
I. SAP Security/Authorization Concept
SAP Security Concept
Authorization Concept
F I
- !nng tcxt
- tcchn. namc
- fIc!d
- fIc!d va!uc
gcncratcd
frnm PG
Jnhn Examp!c
(5AP1234)
Amy Anywhcrc
(5AP3456)
H R
Objcct C!ass AuthnrIzatInn
Objcct
AuthnrIzatInn PrnfI!c Uscr
- !nng tcxt
- tcchn. namc
- !nng tcxt
- tcchn. namc
gcncratcd
frnm PG
- fIc!d
- fIc!d va!uc
- fIc!d
- fIc!d va!uc
- fIc!d
- fIc!d va!uc
Authorization Concept (2)
contains a group of authorizations, that is, a group of access privileges.
An Authorization Profile
are assigned to users in the user master records. A profile could represent a simple job
position since it defines the tasks for which a user has access privileges.
Profiles
form a set of tasks or activities that can be performed in the system, such as running
programs, transactions and other functions that generally represent job roles.
Activity Groups
identifies an element or object within the SAP system which needs to be protected. An
authorization can contain a maximum of 10 authorization fields.
An Authorization Object
Working With Profile
Generator
Creating Activity Groups
Contents:
Understand how to use Profile Generator
Understand how to make Activity Groups.
Objectives:
II. Profile Generator
Profile Generator
A SAP Tools Available since 3.0F that aids ins facilitating the management of user
authorizations and profiles. Tools Administration User Maintenance Act.
Groups or alternatively PFCG in the command field.
The basic steps are:
Create the activity group.
Select the transactions from the menu.
Complete the authorizations for chosen activities.
Generate the profiles.
Assign the profiles to users.
Menu:
Creating Activity Group
Create/Delete Users
Create/Change User Profiles
Tracing Authorization
Contents:
Understand how to maintain user account
Understand how to trace authorization problems
Objectives:
III. SAP Users/Profiles Maintenance
Tools Administration Maintain User Users or alternatively
SU01 in the command field.
Menu:
Create/Delete Users
Tools Administration Maintain User Profile or
alternatively SU02 in the command field.
Menu:
Create/Change User Profiles
Using System Trace (ST01), more general purpose tools.
Using transaction SU53, more specific for authorization error.
Two methods are available:
Tracing Authorization
Technical Parameters Setting related to
security.
Content:
Understand how to set up security parameter
setting.
Objectives:
IV. System Parameter related to Security
loginJmin_password_lng:
minimum length of a password.
loginJpassword_expiration_time:
number of days after which a password must be changed.
rdispJgui_auto_logout :
to activate automatic log off.
loginJfails_to_session_end :
specifies the number of times that a user can enter an incorrect
password before the system ends the logon attempt.
loginJfails_to_user_lock:
specifies the number of times that a user can enter an incorrect
password before the system locks the user against further logon
attempts.
Technical Parameter